Vigil@nce: libcdaudio, buffer overflow of CDDB

November 2008 by Vigil@nce

SYNTHESIS

An attacker can create a malicious CDDB database in order to
execute code on the computers of victims who read this database
with libcdaudio.

Gravity: 2/4

Consequences: user access/rights

Provenance: document

Means of attack: no proof of concept, no attack

Ability of attacker: expert (4/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: high (3/3)

Creation date: 13/11/2008

IMPACTED PRODUCTS
 Debian Linux
 Novell Linux Desktop
 Novell Open Enterprise Server
 OpenSUSE
 SuSE Linux
 SUSE LINUX Enterprise Server

DESCRIPTION

The libcdaudio library is used by several applications that read
music CD-ROMs.

"cddb://" URIs are used to download information about a CD-ROM,
such as the artist's name.

However, if this information contains a long field, a buffer
overflow occurs in libcdaudio.

An attacker can therefore create a malicious CDDB database in
order to execute code on the computers of victims who read this
database with libcdaudio.
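
The following is an added example, not libcdaudio's code and not part of the original bulletin: one way a CDDB client can bound field lengths when storing server-supplied values in fixed-size buffers, rejecting an over-long entry instead of copying it. The struct, FIELD_MAX and the function names are hypothetical; DTITLE and DGENRE are keywords of the CDDB entry format, in which repeated keyword lines are concatenated.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 64  /* assumed field size for this example */

struct disc_info {    /* hypothetical record, not libcdaudio's own struct */
    char title[FIELD_MAX];
    char genre[FIELD_MAX];
};

/* Append one line's value to dst; repeated keywords are concatenated.
 * Returns -1 instead of writing when the result would not fit. */
static int append_field(char *dst, size_t dst_size, const char *value)
{
    size_t used = strlen(dst);
    size_t len = strcspn(value, "\r\n");   /* value stops at end of line */
    if (len >= dst_size - used)            /* keep one byte for the NUL */
        return -1;
    memcpy(dst + used, value, len);
    dst[used + len] = '\0';
    return 0;
}

/* Parse a whole entry; returns 0 on success, -1 if any field is too long. */
int parse_cddb_entry(struct disc_info *d, const char *text)
{
    memset(d, 0, sizeof *d);
    while (*text) {
        int rc = 0;
        if (strncmp(text, "DTITLE=", 7) == 0)
            rc = append_field(d->title, sizeof d->title, text + 7);
        else if (strncmp(text, "DGENRE=", 7) == 0)
            rc = append_field(d->genre, sizeof d->genre, text + 7);
        if (rc != 0)
            return -1;                     /* reject the entry, do not truncate */
        text += strcspn(text, "\n");
        if (*text == '\n') text++;         /* step over the line terminator */
    }
    return 0;
}

int main(void)
{
    /* Constructed sample entry, not taken from a real CDDB server. */
    struct disc_info d;
    int rc = parse_cddb_entry(&d, "DTITLE=Artist / \r\nDTITLE=Album\r\nDGENRE=Rock\r\n");
    printf("rc=%d title=\"%s\" genre=\"%s\"\n", rc, d.title, d.genre);
    return 0;
}
```

The length check runs on every appended line, so a field that only exceeds the buffer after concatenation is rejected as well.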

CHARACTERISTICS

Identifiers: CVE-2008-5030, DSA-1665-1, SUSE-SR:2008:024,
VIGILANCE-VUL-8243

http://vigilance.fr/vulnerability/8243

